▲ | mdaniel 8 days ago | ||||||||||||||||
https://portswigger.net/web-security/access-control/idor It's not, by itself, deadly but it does lower the safeguards against ACL slip-ups, which could easily exfiltrate the entire customer base | |||||||||||||||||
▲ | gooosle 5 days ago | parent [-] | ||||||||||||||||
What safeguards? Obfuscating your IDs by... replacing them with one-to-one mapped other IDs? | |||||||||||||||||
|